cve.akaoma.com
CVE-2026-55879: Critical XSS Vulnerability in OpenReplay Leads to Account Takeover
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2026-55879 is a critical vulnerability affecting OpenReplay versions 1.24.0 to 1.25.0, allowing unauthenticated attackers to execute stored XSS in the dashboard. The flaw arises from the OpenReplay tracking SDK's failure to properly encode input, enabling attackers to store malicious scripts that can read session JWTs from localStorage. This vulnerability has been assigned a CVSS score of 9.3, indicating its high severity. The issue has been addressed in version 1.25.0, which is now available for users to mitigate the risk. Organizations using affected versions are urged to upgrade immediately to prevent potential account takeovers. The vulnerability was published on July 10, 2026, and has been acknowledged by multiple sources. Immediate action is recommended due to the potential for widespread exploitation.
Key Points: • CVE-2026-55879 allows unauthenticated XSS attacks in OpenReplay dashboards. • The vulnerability affects OpenReplay versions 1.24.0 to 1.25.0 and has a CVSS score of 9.3. • Users are advised to upgrade to version 1.25.0 to mitigate the risk of account takeover.